You are not sending gie.local to your IAS but dealing with them locally. Change realm gie.local back to realm LOCAL and it should start to proxy such requests. Ivan Kalik Kalik Informatika ISP Dana 20/4/2007, "parfait kouassi nda" <ndaparfait@hotmail.com> piše:
my last coonfiguration of these files is: radiusd.conf proxy_request = yes
proxy.conf realm gie.local { type = radius authhost = LOCAL accthost = LOCAL }
realm DEFAULT { type = radius authhost = araignee.gie.local:1812 accthost = araignee.gie.local:1813 secret = parfait nostrip }
Clients.conf client 192.168.0.2 { secret = parfait shortname = araignee.gie.local }
when i do configuration in all flies my freeradius reject my packets! this is the show of radiusd -X!
Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "nobody" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 0 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/usr/local/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/usr/local/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Listening on proxy *:1814 Ready to process requests.
rad_recv: Access-Request packet from host 192.168.3.1:1812, id=19, length=130 NAS-IP-Address = 192.168.3.1 NAS-Port = 50001 NAS-Port-Type = Ethernet User-Name = "picasso@gie.local" Calling-Station-Id = "00-A0-C9-DE-7A-FE" Service-Type = Framed-User Framed-MTU = 1000 EAP-Message = 0x02020016017069636173736f406769652e6c6f63616c Message-Authenticator = 0x5aa9378c210f3cc9896ff7a4742bce77 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 rlm_realm: Looking up realm "gie.local" for User-Name = "picasso@gie.local" rlm_realm: Found realm "gie.local" rlm_realm: Proxying request from user picasso to realm gie.local rlm_realm: Adding Realm = "gie.local" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 2 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 19 to 192.168.3.1 port 1812 EAP-Message = 0x01030016041014292e9e4d0f780980b96f3ad2459504 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x020f058ccb95cbc717c1bb0f624b681b Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.3.1:1812, id=20, length=165 NAS-IP-Address = 192.168.3.1 NAS-Port = 50001 NAS-Port-Type = Ethernet User-Name = "picasso@gie.local" Calling-Station-Id = "00-A0-C9-DE-7A-FE" Service-Type = Framed-User Framed-MTU = 1000 State = 0x020f058ccb95cbc717c1bb0f624b681b EAP-Message = 0x020300270410e10ab8e5381c81c7806d8dbe102936fa7069636173736f406769652e6c6f63616c Message-Authenticator = 0xd4268d3dbb7397a0ff40d4c74b040f9d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 rlm_realm: Looking up realm "gie.local" for User-Name = "picasso@gie.local" rlm_realm: Found realm "gie.local" rlm_realm: Proxying request from user picasso to realm gie.local rlm_realm: Adding Realm = "gie.local" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 3 length 39 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap: processing type md5 rlm_eap_md5: User-Password is required for EAP-MD5 authentication rlm_eap: Handler failed in EAP/md5 rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 1 modcall: leaving group authenticate (returns invalid) for request 1 auth: Failed to validate the user. Login incorrect: [picasso@gie.local/<no User-Password attribute>] (from client Switch port 50001 cli 00-A0-C9-DE-7A-FE) Delaying request 1 for 1 seconds Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.3.1:1812, id=20, length=165 Sending Access-Reject of id 20 to 192.168.3.1 port 1812 EAP-Message = 0x04030004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 19 with timestamp 46288d79 Cleaning up request 1 ID 20 with timestamp 46288d79 Nothing to do. Sleeping until we see a request.
_________________________________________________________________ MSN Hotmail : créez votre adresse e-mail gratuite & ŕ vie ! http://www.msn.fr/newhotmail/Default.asp?Ath=f
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html